ANDROID: KVM: arm64: Add function to report misconfigurations to pKVM.

Add function pkvm_handle_system_misconfiguration that is used to
report misconfigurations to pKVM that can undermine its security,
so pKVM can't take the proper action.
This patch only add one event NO_DMA_ISOLATION to indicate that DMA
is not isolated and access the hypervisor.
The patch adds type pkvm_system_misconfiguration to identify the event
instead of having a void function with only one action as in the
future different events can have different responses.

Bug: 268607700
Change-Id: I9f0d2aeee25bd6bed622d327d6cbb36119c54c58
Signed-off-by: Mostafa Saleh <smostafa@google.com>
(cherry picked from commit 3e8a2f0f1a)

arch/arm64/kvm/hyp/include/nvhe/pkvm.h

@@ -12,6 +12,13 @@
 #include <nvhe/gfp.h>
 #include <nvhe/spinlock.h>
 
+/*
+ * Misconfiguration events that can undermine pKVM security.
+ */
+enum pkvm_system_misconfiguration {
+	NO_DMA_ISOLATION,
+};
+
 /*
  * Holds the relevant data for maintaining the vcpu state completely at hyp.
  */
@@ -146,4 +153,9 @@ int pkvm_load_pvmfw_pages(struct pkvm_hyp_vm *vm, u64 ipa, phys_addr_t phys,
 			  u64 size);
 void pkvm_poison_pvmfw_pages(void);
 
+/*
+ * Notify pKVM about events that can undermine pKVM security.
+ */
+void pkvm_handle_system_misconfiguration(enum pkvm_system_misconfiguration event);
+
 #endif /* __ARM64_KVM_NVHE_PKVM_H__ */

arch/arm64/kvm/hyp/nvhe/pkvm.c

@@ -1524,3 +1524,14 @@ bool kvm_hyp_handle_hvc64(struct kvm_vcpu *vcpu, u64 *exit_code)
 
 	return false;
 }
+
+/*
+ * Notify pKVM about events that can undermine pKVM security.
+ */
+void pkvm_handle_system_misconfiguration(enum pkvm_system_misconfiguration event)
+{
+	if (event == NO_DMA_ISOLATION)
+		pkvm_poison_pvmfw_pages();
+	else
+		BUG();
+}